Principles of Privacy 101
Facebook needs to start with some clear principles of privacy. I suggest that Principle #1 should be a simple application of the Golden Rule for the default privacy setting. If someone wants to see some of my personal information, then they should agree to show the corresponding personal information to me. Only after we both agree should any information be shared.
The sharing of information should NOT be transitive or transferable, and Facebook should be actively looking for anyone who is actively trying to cheat. For example, it might make sense for someone to spend a lot of time looking in some detail at the information about one actual friend, but it makes no sense for someone to be scanning lots of personal information at robotic harvesting speeds.
The underlying principle should be that I own my personal information, and anyone else should be allowed to access it only with my permission--which I can revoke at any time and for any reason. Of course, that revocation can only be in principle in these days of easy copying, but the principle of ownership needs to be established, and any abuse of personal information needs to be regarded as a crime.
You don't think so? Okay, then start telling me all of your personal information and see how it feels. Have you EVER made a serious mistake? I bet you have, and I bet that you wouldn't want to have it widely publicized. Even if you're as pure as Caesar's wife, if I know enough about your personal likes and interests and even your strengths, then I guarantee that I could find some way to twist you like a pretzel.
Maybe the secret masters of Facebook are right and privacy is already dead. If so, freedom died with it and we need to schedule a nice funeral.